- The Washington Times - Wednesday, March 13, 2013

The U.S. government this week lifted the lid slightly on its mostly secret policies on cybersecurity and cyberthreats, as the Obama administration grapples with the growing problem of cyberwarfare attacks and computer-based spying.

First, it was confirmed for the first time in public at a Senate Armed Services Committee hearing Tuesday that U.S. intelligence agencies recently completed a major National Intelligence Estimate on cyberthreats.

Officials familiar with the classified report, a consensus of all spy agencies, said it highlights the growing threat posed by Chinese, Russian and Iranian cyberattacks against government and private networks. It also provides details on Beijing’s role in cyberattacks — accusations the Chinese government continues to deny.

Sen. Carl M. Levin, the committee chairman, said the estimate and two other government and private reports “all leave little doubt that China’s actions are a serious threat to our nation’s economic well-being and to our security.”

“It’s long past time when United States and our allies who are also being attacked in this way should be imposing costs and penalties on China for their behavior,” the Michigan Democrat said. “China’s massive campaign to steal technology, business practices, intellectual property and business strategies through cyberspace continues, and it continues relentlessly.”

Additionally, President Obama recently signed a classified presidential policy directive designed to resolve issues of blurred lines of authority among agencies dealing with cyberattacks and responses.

A White House official said the directive on cyberoperations was signed last year by the president.

The official declined to discuss all elements of the secret directive but said it “will establish principles and processes that can enable more effective planning, development and use of our capabilities.”

“It enables us to be flexible, while also exercising restraint in dealing with the threats we face,” the official said, adding that U.S. policy is to “undertake the least action necessary to mitigate threats.”

The directive also prioritizes network defense and law enforcement “as the preferred courses of action,” the official said.

At the Pentagon, another new development revealed this week was the creation through the interagency planning process of a set of emergency action procedures to be used in dealing with cyber crises, such as a major computer attack against electrical or financial networks.

That process is similar to those used for strategic nuclear operations as well as for missile-defense operations.

For the military, the Joint Staff also is close to issuing a document outlining a cyberwarfare doctrine that will define rules of engagement for the armed forces, such as when a cyberattack constitutes an act of war.

The new measures came as the head of the U.S. Cyber Command, Army Gen. Keith B. Alexander, on Tuesday provided new details of the command’s expansion plans. The command is setting up three major teams of cyberwarriors, including one devoted to offensive cyberattacks against foreign states and groups. It is also integrating cyberoperations into the military’s combatant commands in anticipation of conflicts involving digital strikes and counter strikes.

Said Mr. Levin of the new steps: “The fact that these foundational policy frameworks and planning actions are now just taking shape serves as a stark illustration of how immature and complex this warfare domain remains.”

Story Continues →